For advanced use only. A string to be inserted into hue_safety_valve_server.ini for this role only.

hue_server_hue_safety_valve

false

Hue Server Environment Advanced Configuration Snippet (Safety Valve)

For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this
role except client configuration.

HUE_SERVER_role_env_safety_valve

false

Automatically Restart Process

When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure.

false

process_auto_restart

true

Logs

Display Name

Description

Related Name

Default Value

API Name

Required

Hue Server Log Directory

Directory where Hue Server will place its log files.

/var/log/hue

hue_server_log_dir

false

Monitoring

Display Name

Description

Related Name

Default Value

API Name

Required

Enable Health Alerts for this Role

When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting
eventserver_health_events_alert_threshold

true

enable_alerts

false

Enable Configuration Change Alerts

When set, Cloudera Manager will send alerts when this entity's configuration changes.

false

enable_config_alerts

false

Heap Dump Directory Free Space Monitoring Absolute Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory.

Warning: 10 GiB, Critical: 5 GiB

heap_dump_directory_free_space_absolute_thresholds

false

Heap Dump Directory Free Space Monitoring Percentage Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified as
a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured.

Warning: Never, Critical: Never

heap_dump_directory_free_space_percentage_thresholds

false

File Descriptor Monitoring Thresholds

The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit.

Enables the health test that the Hue Server's process state is consistent with the role configuration

true

hue_server_scm_health_enabled

false

Web Metric Collection

Enables the health test that the Cloudera Manager Agent can successfully contact and gather metrics from the web server.

true

hue_server_web_metric_collection_enabled

false

Web Metric Collection Duration

The health test thresholds on the duration of the metrics request to the web server.

Warning: 10 second(s), Critical: Never

hue_server_web_metric_collection_thresholds

false

Log Directory Free Space Monitoring Absolute Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory.

Warning: 10 GiB, Critical: 5 GiB

log_directory_free_space_absolute_thresholds

false

Log Directory Free Space Monitoring Percentage Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a
percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured.

Warning: Never, Critical: Never

log_directory_free_space_percentage_thresholds

false

Process Swap Memory Thresholds

The health test thresholds on the swap memory usage of the process.

Warning: Any, Critical: Never

process_swap_memory_thresholds

false

Role Triggers

The configured triggers for this role. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health
system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:

triggerName(mandatory) - The name of the trigger. This value must be unique for the specific role.

streamThreshold(optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition
fires. By default set to 0, and any stream returned causes the condition to fire.

enabled(optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.

expressionEditorConfig(optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the
Edit Trigger page; editing the trigger here can lead to inconsistencies.

For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:[{"triggerName": "sample-trigger",
"triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]See the trigger rules documentation for
more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.

[]

role_triggers

true

Unexpected Exits Thresholds

The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window
configuration for the role.

Warning: Never, Critical: Any

unexpected_exits_thresholds

false

Unexpected Exits Monitoring Period

The period to review when computing unexpected exits.

5 minute(s)

unexpected_exits_window

false

Other

Display Name

Description

Related Name

Default Value

API Name

Required

HiveServer2 and Impala Thrift Connection Timeout

Timeout in seconds for Thrift calls to HiveServer2 and Impala.

server_conn_timeout

2 minute(s)

hs2_conn_timeout

false

Jobsub Examples and Templates Directory

Location on HDFS where the jobsub examples and templates are stored.

remote_data_dir

/user/hue/jobsub

hue_server_remote_data_dir

true

Secret Key

Random string used for secure hashing in the session store.

secret_key

secret_key

false

Performance

Display Name

Description

Related Name

Default Value

API Name

Required

Maximum Process File Descriptors

If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value.

rlimit_fds

false

Ports and Addresses

Display Name

Description

Related Name

Default Value

API Name

Required

Hue HTTP Port

Port to use to connect to the Hue server.

http_port

8888

hue_http_port

false

Bind Hue Server to Wildcard Address

If enabled, the Hue server binds to the wildcard address ("0.0.0.0") for its ports.

false

hue_server_bind_wildcard

false

Resource Management

Display Name

Description

Related Name

Default Value

API Name

Required

Cgroup CPU Shares

Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be
given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager.

cpu.shares

1024

rm_cpu_shares

true

Cgroup I/O Weight

Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host
experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager.

blkio.weight

500

rm_io_weight

true

Cgroup Memory Hard Limit

Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages
charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default
processes not managed by Cloudera Manager will have no limit.

memory.limit_in_bytes

-1 MiB

rm_memory_hard_limit

true

Cgroup Memory Soft Limit

Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages
charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use
a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit.

memory.soft_limit_in_bytes

-1 MiB

rm_memory_soft_limit

true

Security

Display Name

Description

Related Name

Default Value

API Name

Required

Path to TLS/SSL Certificate

Path to the TLS/SSL certificate on the host running the Hue web server. This file must be in PEM format, and must be readable by the
Hue system user.

ssl_certificate

ssl_certificate

false

Enable Hue Server HTTPS

Enable HTTPS for the Hue web server.

false

ssl_enable

false

Path to TLS/SSL Private Key

Path to the TLS/SSL private key on the host running the Hue web server. This file must be in PEM format, and must be readable by the
Hue system user.

ssl_private_key

ssl_private_key

false

Suppressions

Display Name

Description

Related Name

Default Value

API Name

Required

Suppress Parameter Validation: Top Banner Custom HTML

Whether to suppress configuration warnings produced by the built-in parameter validation for the Top Banner Custom HTML
parameter.

false

role_config_suppression_banner_html

true

Suppress Configuration Validator: CDH Version Validator

Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator.

Whether to suppress configuration warnings produced by the Hue TLS/SSL Validator configuration validator.

false

role_config_suppression_hue_ssl_validator

true

Suppress Parameter Validation: Role Triggers

Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter.

false

role_config_suppression_role_triggers

true

Suppress Parameter Validation: Secret Key

Whether to suppress configuration warnings produced by the built-in parameter validation for the Secret Key parameter.

false

role_config_suppression_secret_key

true

Suppress Parameter Validation: Path to TLS/SSL Certificate

Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to TLS/SSL Certificate
parameter.

false

role_config_suppression_ssl_certificate

true

Suppress Parameter Validation: Path to TLS/SSL Private Key

Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to TLS/SSL Private Key
parameter.

false

role_config_suppression_ssl_private_key

true

Suppress Health Test: File Descriptors

Whether to suppress the results of the File Descriptors heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_file_descriptor

true

Suppress Health Test: Heap Dump Directory Free Space

Whether to suppress the results of the Heap Dump Directory Free Space heath test. The results of suppressed health tests are ignored
when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_heap_dump_directory_free_space

true

Suppress Health Test: Host Health

Whether to suppress the results of the Host Health heath test. The results of suppressed health tests are ignored when computing the
overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_host_health

true

Suppress Health Test: Log Directory Free Space

Whether to suppress the results of the Log Directory Free Space heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_log_directory_free_space

true

Suppress Health Test: Process Status

Whether to suppress the results of the Process Status heath test. The results of suppressed health tests are ignored when computing
the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_scm_health

true

Suppress Health Test: Swap Memory Usage

Whether to suppress the results of the Swap Memory Usage heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_swap_memory_usage

true

Suppress Health Test: Unexpected Exits

Whether to suppress the results of the Unexpected Exits heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_hue_server_unexpected_exits

true

Suppress Health Test: Web Server Status

Whether to suppress the results of the Web Server Status heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

kerberosticketrenewer

Advanced

For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of
this role except client configuration.

KT_RENEWER_role_env_safety_valve

false

Automatically Restart Process

When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure.

false

process_auto_restart

true

Logs

Display Name

Description

Related Name

Default Value

API Name

Required

Kerberos Ticket Renewer Log Directory

Directory where Kerberos Ticket Renewer will place its log files.

/var/log/hue

kt_renewer_log_dir

false

Monitoring

Display Name

Description

Related Name

Default Value

API Name

Required

Enable Health Alerts for this Role

When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting
eventserver_health_events_alert_threshold

true

enable_alerts

false

Enable Configuration Change Alerts

When set, Cloudera Manager will send alerts when this entity's configuration changes.

false

enable_config_alerts

false

Heap Dump Directory Free Space Monitoring Absolute Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory.

Warning: 10 GiB, Critical: 5 GiB

heap_dump_directory_free_space_absolute_thresholds

false

Heap Dump Directory Free Space Monitoring Percentage Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified
as a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured.

Warning: Never, Critical: Never

heap_dump_directory_free_space_percentage_thresholds

false

File Descriptor Monitoring Thresholds

The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit.

Enables the health test that the Kerberos Ticket Renewer's process state is consistent with the role configuration

true

kt_renewer_scm_health_enabled

false

Log Directory Free Space Monitoring Absolute Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory.

Warning: 10 GiB, Critical: 5 GiB

log_directory_free_space_absolute_thresholds

false

Log Directory Free Space Monitoring Percentage Thresholds

The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a
percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured.

Warning: Never, Critical: Never

log_directory_free_space_percentage_thresholds

false

Process Swap Memory Thresholds

The health test thresholds on the swap memory usage of the process.

Warning: Any, Critical: Never

process_swap_memory_thresholds

false

Role Triggers

The configured triggers for this role. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health
system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:

triggerName(mandatory) - The name of the trigger. This value must be unique for the specific role.

streamThreshold(optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition
fires. By default set to 0, and any stream returned causes the condition to fire.

enabled(optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.

expressionEditorConfig(optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the
Edit Trigger page; editing the trigger here can lead to inconsistencies.

For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:[{"triggerName": "sample-trigger",
"triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]See the trigger rules documentation for
more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.

[]

role_triggers

true

Unexpected Exits Thresholds

The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window
configuration for the role.

Warning: Never, Critical: Any

unexpected_exits_thresholds

false

Unexpected Exits Monitoring Period

The period to review when computing unexpected exits.

5 minute(s)

unexpected_exits_window

false

Other

Display Name

Description

Related Name

Default Value

API Name

Required

Hue Keytab Renewal Interval

Interval in seconds with which Hue's Kerberos ticket will get renewed.

reinit_frequency

1 hour(s)

keytab_reinit_frequency

false

Performance

Display Name

Description

Related Name

Default Value

API Name

Required

Maximum Process File Descriptors

If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value.

rlimit_fds

false

Resource Management

Display Name

Description

Related Name

Default Value

API Name

Required

Cgroup CPU Shares

Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be
given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager.

cpu.shares

1024

rm_cpu_shares

true

Cgroup I/O Weight

Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host
experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager.

blkio.weight

500

rm_io_weight

true

Cgroup Memory Hard Limit

Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages
charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default
processes not managed by Cloudera Manager will have no limit.

memory.limit_in_bytes

-1 MiB

rm_memory_hard_limit

true

Cgroup Memory Soft Limit

Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages
charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use
a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit.

memory.soft_limit_in_bytes

-1 MiB

rm_memory_soft_limit

true

Suppressions

Display Name

Description

Related Name

Default Value

API Name

Required

Suppress Configuration Validator: CDH Version Validator

Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator.

false

role_config_suppression_cdh_version_validator

true

Suppress Parameter Validation: Kerberos Ticket Renewer Log Directory

Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Ticket Renewer Log
Directory parameter.

Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter.

false

role_config_suppression_role_triggers

true

Suppress Health Test: File Descriptors

Whether to suppress the results of the File Descriptors heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_file_descriptor

true

Suppress Health Test: Heap Dump Directory Free Space

Whether to suppress the results of the Heap Dump Directory Free Space heath test. The results of suppressed health tests are ignored
when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_heap_dump_directory_free_space

true

Suppress Health Test: Host Health

Whether to suppress the results of the Host Health heath test. The results of suppressed health tests are ignored when computing the
overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_host_health

true

Suppress Health Test: Log Directory Free Space

Whether to suppress the results of the Log Directory Free Space heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_log_directory_free_space

true

Suppress Health Test: Process Status

Whether to suppress the results of the Process Status heath test. The results of suppressed health tests are ignored when computing
the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_scm_health

true

Suppress Health Test: Swap Memory Usage

Whether to suppress the results of the Swap Memory Usage heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_swap_memory_usage

true

Suppress Health Test: Unexpected Exits

Whether to suppress the results of the Unexpected Exits heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

role_health_suppression_kt_renewer_unexpected_exits

true

service_wide

Advanced

Display Name

Description

Related Name

Default Value

API Name

Required

Enable Django Debug Mode

In debug mode, Django displays a detailed traceback when an exception occurs. Debugging information may contain sensitive data.
Django remembers every SQL query it executes in debug mode, which will rapidly consume memory.

For advanced use only, a string to be inserted into hue_safety_valve.ini. Applies to configurations of
all roles in this service except client configuration.

hue_service_safety_valve

false

System Group

The group that this service's processes should run as.

hue

process_groupname

true

System User

The user that this service's processes should run as.

hue

process_username

true

Enable Usage Data Collection

When you enable anonymous usage data collection Hue tracks anonymised pages and application versions in order to gather information
about each application's usage levels. The data collected does not include any hostnames or IDs. Data collection option is available on CDH 4.4 and later deployments.

collect_usage

true

usage_data_collection_enable

false

Database

Display Name

Description

Related Name

Default Value

API Name

Required

Hue Database Directory

If the database is SQLite3, this is the filename of the database to use, and the directory of this file must be writable by the
'hue' user.

dir

/var/lib/hue/desktop.db

database_dir

false

Database Dump File

File where the database gets dumped to or loaded from.

/tmp/hue_database_dump.json

database_dump_file

true

Hue Database Hostname

Name of host where the Hue database is running. Not necessary for SQLite3.

host

localhost

database_host

false

Hue Database Name

Name of Hue database.

name

hue

database_name

false

Hue Database Password

Password for Hue database. Not necessary for SQLite3.

password

database_password

false

Hue Database Port

Port on host where the Hue database is running. Not necessary for SQLite3.

port

3306

database_port

false

Hue Database Type

Type of database used for Hue

engine

sqlite3

database_type

false

Hue Database Username

The username to use to log into the Hue database. Not necessary for SQLite3.

user

hue

database_user

false

Monitoring

Display Name

Description

Related Name

Default Value

API Name

Required

Enable Service Level Health Alerts

When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer
setting eventserver_health_events_alert_threshold

true

enable_alerts

false

Enable Configuration Change Alerts

When set, Cloudera Manager will send alerts when this entity's configuration changes.

The health test thresholds of the overall Hue Server health. The check returns "Concerning" health if the percentage of "Healthy"
Hue Servers falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" Hue Servers falls below the critical threshold.

Warning: 99.0 %, Critical: 51.0 %

hue_hue_servers_healthy_thresholds

false

Healthy Kerberos Ticket Renewer Monitoring Thresholds

The health test thresholds of the overall Kerberos Ticket Renewer health. The check returns "Concerning" health if the percentage of
"Healthy" Kerberos Ticket Renewers falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" Kerberos Ticket Renewers falls below the critical
threshold.

Warning: 99.0 %, Critical: 51.0 %

hue_kt_renewers_healthy_thresholds

false

Service Triggers

The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the
health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:

triggerName(mandatory) - The name of the trigger. This value must be unique for the specific service.

streamThreshold(optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition
fires. By default set to 0, and any stream returned causes the condition to fire.

enabled(optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.

expressionEditorConfig(optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the
Edit Trigger page; editing the trigger here can lead to inconsistencies.

For example, the followig JSON formatted trigger fires if there are more than 10 DataNodes with more than 500 file descriptors opened:[{"triggerName": "sample-trigger",
"triggerExpression": "IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad", "streamThreshold": 10, "enabled": "true"}]See the trigger rules documentation for
more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.

Name of the ZooKeeper service that this Hue service instance depends on

zookeeper_service

false

Security

Display Name

Description

Related Name

Default Value

API Name

Required

Authentication Backend

Mode of authenticating login credentials. Select desktop.auth.backend.LdapBackend to use LDAP to authenticate login credentials.
LDAP requires you to also set the LDAP URL, Active Directory Domain, and optionally LDAP certificate if you are using secure LDAP. Select desktop.auth.backend.PamBackend to use PAM to authenticate
login credentials.

backend

desktop.auth.backend.AllowFirstUserDjangoBackend

auth_backend

false

LDAP Search Base

The distinguished name to use as a search base for finding users and groups. This should be similar to
'dc=hadoop,dc=mycompany,dc=com'.

base_dn

base_dn

false

LDAP Bind User

Distinguished name of the user to bind as. Not required if the LDAP server supports anonymous searches. For Active Directory, this
would be similar to 'hadoop-admin@mycompany.com'.

bind_dn

bind_dn

false

LDAP Bind Password

The password of the bind user.

bind_password

bind_password

false

Create LDAP users on login

Create users in Hue when they try to login with their LDAP credentials. For use when using LdapBackend for Hue authentication.

create_users_on_login

true

create_users_on_login

false

LDAP Group Filter

Base filter for searching for groups. For Active Directory, this is typically '(objectClass=group)'.

group_filter

group_filter

false

LDAP Group Membership Attribute

The attribute of the group object that identifies the members of the group. For Active Directory, this is typically 'member'.

group_member_attr

group_member_attr

false

LDAP Group Name Attribute

The group name attribute in the LDAP schema. For Active Directory, this is typically 'cn'.

group_name_attr

group_name_attr

false

Kerberos Principal

Kerberos principal short name used by all roles of this service.

hue

kerberos_princ_name

true

LDAP Certificate

LDAP certificate for authentication over TLS

ldap_cert

ldap_cert

false

LDAP URL

The URL of the LDAP Server; similar to 'ldap://auth.mycompany.com' or 'ldaps://auth.mycompany.com'.

ldap_url

ldap_url

false

LDAP Username Pattern

LDAP Username Pattern for use with non-Active Directory LDAP implementations. Must contain the special '<username>' string for
replacement during authentication.

ldap_username_pattern

ldap_username_pattern

false

Active Directory Domain

Only applies to Active Directory. The Active Directory Domain will be similar to 'MYCOMPANY.COM'.

nt_domain

nt_domain

false

PAM Backend Service Name

The PAM service name to use when authenticating over desktop.auth.backend.PamBackend. This is typically the name of a file under
/etc/pam.d/ on the Hue host.

pam_service

login

pam_auth_service

false

Use Search Bind Authentication

Search Bind Authentication connects to the LDAP server using credentials provided in the 'bind_dn' and 'bind_password'
configurations. If these configurations are not set, then an anonymous search is performed.

search_bind_authentication

false

search_bind_authentication

false

Use StartTLS

Whether to use StartTLS (as opposed to ldaps) to communicate securely with the LDAP server. This is only effective when the LDAP
certificate is specified.

use_start_tls

true

use_start_tls

false

LDAP User Filter

The base filter for searching for users. For Active Directory, this is typically '(objectClass=user)'.

user_filter

user_filter

false

LDAP Username Attribute

The username attribute in the LDAP schema. For Active Directory, this is typically 'sAMAccountName'.

user_name_attr

user_name_attr

false

Suppressions

Display Name

Description

Related Name

Default Value

API Name

Required

Suppress Parameter Validation: LDAP Search Base

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Search Base parameter.

false

service_config_suppression_base_dn

true

Suppress Parameter Validation: LDAP Bind User

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind User parameter.

false

service_config_suppression_bind_dn

true

Suppress Parameter Validation: LDAP Bind Password

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Password parameter.

false

service_config_suppression_bind_password

true

Suppress Parameter Validation: Blacklist

Whether to suppress configuration warnings produced by the built-in parameter validation for the Blacklist parameter.

false

service_config_suppression_blacklist

true

Suppress Parameter Validation: Hue Database Directory

Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Directory
parameter.

false

service_config_suppression_database_dir

true

Suppress Parameter Validation: Database Dump File

Whether to suppress configuration warnings produced by the built-in parameter validation for the Database Dump File parameter.

false

service_config_suppression_database_dump_file

true

Suppress Parameter Validation: Hue Database Hostname

Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Hostname
parameter.

false

service_config_suppression_database_host

true

Suppress Parameter Validation: Hue Database Name

Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Name parameter.

false

service_config_suppression_database_name

true

Suppress Parameter Validation: Hue Database Password

Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Password
parameter.

false

service_config_suppression_database_password

true

Suppress Parameter Validation: Hue Database Username

Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Username
parameter.

false

service_config_suppression_database_user

true

Suppress Parameter Validation: Default Site Encoding

Whether to suppress configuration warnings produced by the built-in parameter validation for the Default Site Encoding
parameter.

false

service_config_suppression_default_site_encoding

true

Suppress Parameter Validation: Default User Group

Whether to suppress configuration warnings produced by the built-in parameter validation for the Default User Group parameter.

false

service_config_suppression_default_user_group

true

Suppress Parameter Validation: LDAP Group Filter

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Filter parameter.

false

service_config_suppression_group_filter

true

Suppress Parameter Validation: LDAP Group Membership Attribute

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Membership Attribute
parameter.

false

service_config_suppression_group_member_attr

true

Suppress Parameter Validation: LDAP Group Name Attribute

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Name Attribute
parameter.

Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Derived Configs
Advanced Configuration Snippet (Safety Valve) parameter.

false

service_config_suppression_smon_derived_configs_safety_valve

true

Suppress Parameter Validation: Time Zone

Whether to suppress configuration warnings produced by the built-in parameter validation for the Time Zone parameter.

false

service_config_suppression_time_zone

true

Suppress Parameter Validation: User Augmentor

Whether to suppress configuration warnings produced by the built-in parameter validation for the User Augmentor parameter.

false

service_config_suppression_user_augmentor

true

Suppress Parameter Validation: LDAP User Filter

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Filter parameter.

false

service_config_suppression_user_filter

true

Suppress Parameter Validation: LDAP Username Attribute

Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Username Attribute
parameter.

false

service_config_suppression_user_name_attr

true

Suppress Parameter Validation: Whitelist

Whether to suppress configuration warnings produced by the built-in parameter validation for the Whitelist parameter.

false

service_config_suppression_whitelist

true

Suppress Health Test: Beeswax Server Health

Whether to suppress the results of the Beeswax Server Health heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

service_health_suppression_hue_beeswax_server_health

true

Suppress Health Test: Hue Server Health

Whether to suppress the results of the Hue Server Health heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

service_health_suppression_hue_hue_servers_healthy

true

Suppress Health Test: Kerberos Ticket Renewer Health

Whether to suppress the results of the Kerberos Ticket Renewer Health heath test. The results of suppressed health tests are ignored
when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

false

service_health_suppression_hue_kt_renewers_healthy

true

Suppress Health Test: Load Balancer Health

Whether to suppress the results of the Load Balancer Health heath test. The results of suppressed health tests are ignored when
computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.

If this documentation includes code, including but not limited to, code examples, Cloudera makes this available to you under the terms of the Apache License, Version 2.0, including any required
notices. A copy of the Apache License Version 2.0 can be found here.